I'm browsing, I'm only one person and cannot possibly open more files or make more network connections than a maxusers of 16 can support. On a busy Internet server, though, I might kick this value up to 256; this is high enough that the server will prepare to handle thousands of network connections and open files.

If your maxusers value is too low, the system will start to be unable to handle all your files and network connections. The kernel will notice that it cannot handle all these requests, and will log errors. You'll start to get warnings on the console and in /var/log/messages telling you quite explicitly to increase maxusers.

Don't raise maxusers above 256, though, unless you have an insane number of files on a single partition (millions, for example) or you push multiple T1s of bandwidth.

Basic Options

Following the maxusers value in the config file, there are a variety of basic options, including things like INET for TCP/IP support, and FFS for UNIX filesystem support. You'll also encounter rarely used ones that you can remove. We won't discuss all the kernel options, but merely some specific examples from different types of options and some of the more common options. I'll specifically mention ones that can be trimmed from an Internet server.

Consider the following options:

...............................................................................................

options MATH_EMULATE

...............................................................................................

Older CPUS (specifically the 386 and the 486SSX) have no math co−processor. If your system lacks a math co−processor, you should leave MATH_EMULATE in so your kernel will emulate a math co−processor in software. Any modern CPU will have a math co−processor, however, and if that's true in your case, you can cut it.

...............................................................................................

options INET

...............................................................................................

The INET option provides support for network protocols, such as TCP/IP. Keep this one.

...............................................................................................

options INET6 #IPv6 communications protocols

...............................................................................................

If you're using IPv6, you need INET6. If not, cut it.

...............................................................................................

options FFS

...............................................................................................

83

The FFS option specifies UNIX Fast Filesystem, FreeBSD's default. Keep it.

...............................................................................................

options SOFTUPDATES

...............................................................................................

Softupdates is a method for ensuring disk integrity with FFS. (We'll discuss soft−updates at some length in Chapter 13.) Keep this line unless you specifically decide against using softupdates.

...............................................................................................

options MD_ROOT

...............................................................................................

If you use MFS to build diskless workstations, you need the MD_ROOT option. Otherwise, give it the axe.

...............................................................................................

...............................................................................................

These two options support the Network File System. The NFS_ROOT option allows you to boot off an NFS drive, rarely used in Internet servers. You can delete both entries if you aren't using NFS.

...............................................................................................

options MSDOSFS

...............................................................................................

The MSDOSFS option supports MS−DOS−formatted filesystems and floppies. If you mount or unmount MS−DOS floppy disks, or if you are sharing your hard drive with a Microsoft operating system, you might want this option. You can also temporarily load this functionality with the msdos.ko module.

...............................................................................................

...............................................................................................

The CD9660 option supports the standard CD−ROM filesystem. Like the MSDOS filesystem, you can temporarily load and unload this functionality with the cd9660.ko module.

...............................................................................................

...............................................................................................

If you remove the preceding two lines, your system will break. Many user programs rely on BSD4.3 functions. The COMPAT_43 option provides kernel compatibility with BSD4.3. Similarly,

84

process−monitoring programs rely on the process file system (PROCFS).

...............................................................................................

options SCSI_DELAY=15000

...............................................................................................

The SCSI_DELAY option specifies the number of milliseconds FreeBSD waits after finding your SCSI controllers before probing the SCSI devices, giving them a chance to spin up. If you don't have any SCSI hardware, you can delete this line. If you have new SCSI hardware, you can reduce this setting to 5000 (5 seconds) or lower.

...............................................................................................

options UCONSOLE

...............................................................................................

Some programs allow users to look at the system console in an X Windows terminal. The UCONSOLE option is the kernel support for that feature. You can delete this line if you aren't using X, or if you don't have this system set up as a desktop.

...............................................................................................

...............................................................................................

These two userconfig lines allow you to enable and disable devices before your kernel boots. While you don't absolutely need them, when you read some FreeBSD hardware documentation that says "set this in userconfig," you'll regret not having them.

...............................................................................................

options KTRACE

...............................................................................................

The KTRACE option enables kernel−level tracing. Keep it unless you know exactly what it is and what you're doing.

...............................................................................................

...............................................................................................

The preceding three options support System V−style interprocess communication, and many applications expect to have them. They can also be loaded as modules.

...............................................................................................

85

...............................................................................................

The two lines support kernel POSIX functions, and many programs expect to find POSIX features in the kernel.

Multiple Processors

If your system has multiple processors, you need the following kernel options:

...............................................................................................

...............................................................................................

The SMP option tells the kernel to use the appropriate code for multiple processors; APIC_IO handles input and output for SMP kernels.

When you're building an SMP kernel, remove the I386_CPU and I486_CPU from your kernel configuration. FreeBSD only supports SMP on systems that fit the Intel SMP specification, and this specification does not support SMP with 386 or 486 chips.

If you do not have multiple processors, leave these options commented out!

Device Entries

After the options entries in the config file, you'll find device entries, which are grouped in fairly obvious ways.

Bus Entries

The first device entries are bus entries, such as device pci and device isa. Keep these, unless you truly don't have that sort of bus in your system. (You might be surprised at the number of "legacy−free" systems that have an ISA bus hidden somewhere in their innards; for example, my brand−new laptop has an old−fashioned ISA bus hidden in it.) The EISA device, however, can probably be removed on modern computers.

Interfaces

The IDE/ATAPI interfaces and devices are next (we saw an example of these at the beginning of the "Editing Kernel Files" section). Even if your system has no IDE devices, it's probably a good idea to keep the "device ata", especially since most motherboards have an IDE controller or two on them. You can eliminate entries for any IDE devices you don't have.

Next are the SCSI controllers and cards, used for SCSI features, including those needed by parallel port Zip disks and USB storage devices. If you don't have any of these devices, this whole section can go away. If you're using SCSI, just remove the controllers you don't have.

86

...............................................................................................

...............................................................................................

After the SCSI section, you'll find a few lines of device drivers for such mundane things as keyboards, monitors, your PS/2 port, and so on. Don't delete these.

The network card list comes next; it is quite long and looks much like the SCSI and IDE sections. If you're not going to replace your network card any time soon, get rid of the drivers from any hardware you don't have. If your system doesn't have any ISA slots in it, you can certainly delete all of the ISA drivers.

Pseudo−Devices

Near the bottom of the GENERIC kernel, you'll find a list of pseudo−devices. As the name might suggest, these are created entirely of software. For example, when you telnet or SSH (see Chapter 13) into the system remotely, the system has to have a way to keep track of your terminal session, send characters to it, and read what you type. It wants to treat your remote connection just as it treats the physical monitor and keyboard attached to the system. To do so, it uses a pseudo−device called a pseudo−terminal. Because the kernel treats these much like devices, we call them pseudo−devices.

Here's one, for example:

...............................................................................................

pseudo−device loop

...............................................................................................

This is the loopback interface, lo0, a network interface that points back to the local machine. If you remove it, many pieces of software will break in interesting ways. This can be very educational, but you don't want to do this in a production system.

...............................................................................................

pseudo−device ether

...............................................................................................

The ether pseudo−device provides general Ethernet support. You probably want it.

...............................................................................................

pseudo−device sl

...............................................................................................

The sl pseudo−device is for Serial Line Internet Protocol (SLIP). It is an old protocol that has been replaced by Point−to−Point Protocol (PPP). You probably don't need this unless your ISP requires

87

The ppp pseudo−device is for kernel−based PPP. Kernel−based PPP has fallen out of favor, being supplanted by userland PPP. You probably don't need this.

If you do want to use kernel PPP, the number after "ppp" is the number of PPP devices to create.

...............................................................................................

pseudo−device tun

...............................................................................................

The tun pseudo−device is the logical packet tunnel. Various programs use this to sneak packets in and out of the kernel. You need this for userland PPP (regular dial−up connections).

...............................................................................................

pseudo−device pty

...............................................................................................

The pty pseudo−devices are pseudo−terminals, used for things like telnet connections, and so on. You want these.

...............................................................................................

pseudo−device md

...............................................................................................

The md pseudo−device is for memory disks. Again, if you're not using memory disks, you don't need them. For most (but not all) Internet servers, memory disks are just a waste of RAM. However, a very few special−purpose servers (such as, anonymous CVS servers) need memory disks.

...............................................................................................

pseudo−device gif pseudo−device faith pseudo−device bpf

...............................................................................................

The bpf pseudo−device is the Berkley Packet Filter, which allows you to examine packets on your network. It's used for packet sniffers and for the DHCP client and server. If you don't need any of those, turn this off.

88